![Hack This Zine Into Other Languages, If You Are Inter- Ested Send an Email to Staff [At] Hackbloc [Dot] Org](http://data.docslib.org/img/7e37a257d0c2d01ee6cd88c961a5a698-1.webp)
The Hacktivist’s Guide To The Internet
Page 1 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet ======THE HACKTIVIST’S GUIDE TO THE INTERNET (HackThisZine #9, Winter 2010) ======
Introduction...... Page 03
News and Events
Pirate Bay Launches Private Proxy (VPN) Services...... Page 05 Hate Social Networking?...... Page 06 German ‘Fleshmob’ Takes on Full-Body Airport Scanners...... Page 06 Anonymous Pwns Australian Government in Operation Titstorm...... Page 07 Fugitive VoIP Hacker Pleads Guilty to Stealing 10 Million Minutes...... Page 07 Manchester Police Computer Systems Shut Down by Conficker...... Page 08 Even if you clear your private data, how track able is your browser...... Page 08 See You in the Bay!...... Page 08
Theory
Social Change Within The Hacker Movement... By Dave U. Random...... Page 11 Autonomy and a New High Tech by Cloacina...... Page 13 Can’t Stop The Signal by the March Hare Collective...... Page 17 Comcast Watch...... Page 22 Fighting the Fascists using Direct Action Hacktivism by thoughtcriime...... Page 24 Guardian Project...... Page 27 Little Brother Review...... Page 30 Ronin: Badger! Badger! Badger! by Evoltech...... Page 31
Upcoming Con’s and Events...... Page 34 The Back Page...... Page 35
********************************************************************************************* anti-(C)opyright 2010
This zine is anti-copyright: you are encouraged to Reuse, Reword, and Reprint everything in this zine as you please.
This includes: printing your own copies to distribute to friends and family, copying and pasting bits of text in your own works, mirroring electronic copies to websites and file sharing services, or anything else you can think of...
...Without asking permision or apologizing! ********************************************************************************************* Page 2 Page 3 The Hacktivist’s Guide To The Internet Introduction
Things have been busy around the HB net- it for you by next issue and would like to work up-links recently mostly in preparation point out that Jeremy has not been involved for the SF @ bookfair / 8 days of anarchy / with HB since his sentencing a number of BASTARD conference. years ago.
While HB has had a presence at the bookfair As always we want to hear from those of for at least the past 4 years it has mostly you reading this zine online or in print, those been in the free table section outside where of you crushing on us, drawing the HB logo various members could be seen milling in your notebooks with hearts around it, around handing out copies of the zine and and those of you hating on us starting flame sharing lock picking techniques and tools. threads on the Internet. We are always ac- cepting articles for the next issue, looking We started talking about having a more for new projects to give exposure to, and established presence after last years can always use letters to publish that do not bookfair with a table inside, a scheduled involve requests to hack your ex’s facebook presentation of sorts, and a new account, or offers on deals for medicine to issue of the zine. We are excited to bring make us better lovers or tools to make us you the ninth issue of HTZ, see more attractive. you at the “Digital security for and by Anti- Authoritarians” workshop at With monitor tan, love, and solidarity! Noisebridge, and catch up with you at the bookfair. The Hackbloc Collective
This recent drive and work has resulted in some new relationships, questions about future plans, and fair amount of meeting time spent talking about our role in the anarchist community. The articles of issue 9 reflect this work with the exception of an article regarding our participation in a community remediation process with Jeremy Ham- mond. While we were not able to get this article in for this issue we hope to have Page 2 Page 3 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet
Page 4 Page 5 The Hacktivist’s Guide To The Internet Pirate Bay Launches Private Proxy (VPN) Services, Promised Logless, Encrypted Privacy Submitted by Anonymous on 01/21/2010 According to TorrentFreak, The Pirate service, check out Relakks. Bay has finally launched its public VPN service and allowed anybody to get an For only 149 SEK (that’s about 15 EUR / account. This allows citizens around the 21 USD) per 3 months you will get safe, world high-speed “anonymous” internet encrypted communication between you access for only $7 a month. and the internet, with no logging of the data transferred. It’s of our utmost con- The way it works is that your computer cern that you can use the network without establishes an encrypted connection to anyone deciding what you’re can commu- their VPN service (in Sweden) and then nicate about. your web traffic, BitTorrent, etc. are sent from there. Anybody looking to find out Ipredator is not only another VPN-service. your real identity will be stopped once It’s also a statement. Right now we’re de- they realize it’s coming from an IPREDA- veloping a new tool to make it harder (or TOR server impossible) for which doesn’t the government keep logs. As an of Sweden to tap added benefit of into their citizens the encrypted traffic. Our goal connection, your is making people employer, people have the abil- on your wire- ity to use their less network, democratic rights, and your internet without a fear of service provider repression. won’t be able to see what you’re So, the more peo- doing online, only that you’re connect- ple that actually use the service, the better. ing to this proxy service. Since Sweden’s We will get funds to build more tools and laws are more supportive of privacy and at the same time the users clearly show free speech than those in most countries that they want to be anonymous. It sends a including the USA, having internet ac- very clear message to the politicans! cess from there can be very useful. If you leak files or do journalistic work through Please invite your friends if they need IPREDATOR, you gain extra protection a service like Ipredator, and tell people under Sweden’s source-protection laws about the reasons why they should be which make it illegal to investigate the allowed to communicate without a third source of a leaked document used for party listening to their conversations... The journalistic purposes. most important thing is to actually make people aware of the situation. This is one of the many layers of defense that organizations like Wikileaks provide. If you are looking for a different VPN
Page 4 Page 5 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet Hate Social Networking? Commit Suicide. Submitted by Anonymous on 01/14/2010 Hate your online social networks? Sick of LinkedIn, and MySpace. Better yet, you acquaintances who barely know you eating can watch it do this live and enjoy watch- up hours of your time and rating how attrac- ing your online demise which is as close tive you are compared to others? Want to get as you’ll get to an out of body experience to know real people? Want to kick the habit? without risking your health by fasting or Kill yourself... online that is! taking drugs.
Since the launch of the Web 2.0 Suicide Why stop there though? These sites make Machine, over 800 people have cathartically money using their user’s information (which killed their online identities, de-friended is never really deleted anyways) to sell ad- over 50,000 friends, and removed over vertising. Give them something they’ll love: 200,000 tweets. Even Facebook got in on more information for their hungry databases. the action, sending a baseless legal threat to Fill it with junk, join random groups, send the group which was posted to the whistle- meaningless messages, and friend request blower site Cryptome. people you’d never even be remotely in- terested in back when you had your online The site will quickly delete all of the content identity. Poison the machine! on your accounts at Facebook, Twitter,
It is with great sorrow that we announce that Facebook Inc. has decided that WORM, the producer of the Web 2.0 Suicide Machine, will be excommunicated from Facebook. The initiative to build the Web 2.0 Suicide Machine came from Moddr_, WORM’s media lab. By threatening WORM, Facebook is trying to take down the Suicide Machine.
The Web 2.0 Suicide Machine allows users of - among others - Facebook to commit ‘social network suicide’. Facebook threatens WORM with further legal action if WORM doesn’t stop targeting the FaceBook platform via the SuicideMachine. In addition, it has now also demanded that WORM immediately deletes its own Facebook profile (WORM_Rotterdam). According to Facebook and its lawyer, the Web 2.0 Suicide Machine has violated Facebook’s Terms of Service and with that WORM has forfeited it’s right to keep using the platform. WORM does not want to engage in a fight over this matter with Facebook. The idea behind the ebW 2.0 Suicide Machine was to be able to ‘unfriend’ in an automated fashion and to make users of social networks aware that they should always be in control of their own data. Facebook won’t allow for this control and is also not willing to enter into this debate. We are pretty much done with that and are left with no other choice than to commit online suicide ourselves. The conditions and attitude of Facebook leave no other option as far as WORM is concerned.
WORM deeply regrets the current situation. The web 2.0 Suicide Machine was never intended to target Facebook as such, but meant as a tool for people who, for whatever reason, are tired of their online life. Facebook wants all access to their service, personal data of their users included, to run via their own ‘connect’ platform. In this way, Facebook can set, interpret and change its own rules as it sees fit...
The excommunication of WORM illustrates that data freedom and net neutrality of users is merely an illusion on many social net- work sites. Not only is it not allowed for people to unfriend (in an automated manner), but companies also have the power to expel users they do not like. Facebook shows that a user only has the rights that Facebook grants it.
Facebook claims all rights. WORM does not want to continue living in this 2.0 world. Which is why we say goodbye to all our friends. We wish you all the best.
No flowers, no speeches. [moddr_labs, WORM, Rotter, damworm.org, moddr.net, suicidemachine.org] German ‘Fleshmob’ Takes on Full-Body Airport Scanners Submitted by Anonymous on 01/13/2010 A ‘fleshmob’ of Pirate Party sympathizers great opportunities for voyeuristic pleasure. in Germany confronted the new full-body In a study at Hull University, researchers scanning devices at the Berlin-Tegel in Ger- found that one in ten women were targeted many. This new scanning technology allows for such purposes by surveillance camera scanner operators to see beneath the clothes operators. of people walking through them, providing Page 6 Page 7 The Hacktivist’s Guide To The Internet Anonymous Pwns Australian Government in Operation Titstorm Submitted by Anonymous on 02/12/2010 Update Feb 13th 2010: List of websites According to a member of anonymous, “No taken offline: Australian Parliament + government should have the right to refuse Stephen Conroy (http://www.australia.gov. its citizens access to information solely be- au/, http://www.aph.gov.au/, . They have cause they perceive it to be unwanted”. The been down for two days now and anonymous website of the Australian Parliament was said the attack could continue “for months”. getting 7.5 million hits a second. Govern- Interview with “spokesperson” for anony- ment offices involved were also hit with “a mous at http://delimiter.com.au/2010/02/12/ shitstorm of porn e-mail, fax spam, black anonymous-attacks-better-than-signing... faxes and prank phone calls to government offices.” The porn consisted mainly of “ex- The hacktivist group Anonymous has treme” porn and female ejaculation, both of launched a wave of successful attacks which are proposed to be banned. against websites of the Australian govern- ment. As many hackers are aware, Australia Based on reports, the main wave of attacks has proposed mandatory internet filtering is through but low-intensity fighting con- at the isp level for all citizens. During the tinues. If the past actions of anonymous are trial runs where the effectiveness of such a anything to go by, another wave or two of hypothetical system was measured, several attacks are expected in the next month. It’s whistleblowing, commercial, and otherwise worth noting that Anonymous declared war “normal” or political sites were blocked. on Australia several months ago.
Fugitive VoIP Hacker Pleads Guilty to Stealing 10 Million Minutes Submitted by Anonymous on 02/04/2010 Edwin Andrew Pena, a hacker who stole over 10 million VoIP minutes by routing them through a botnet, has pled guilty to several felony charges, facing up to 25 years in prison.
After posting bond, he fled to Mexico to avoid charges but it looks like he’s in the clutch of the law once again.
He allegedly banked over a million dollars over the course of two years selling VoIP minutes at almost a quarter of their original price. All of this was done from one cable connection where he spent most of his bandwidth scanning for new botnet additions.
More Info on this can be found at:
www.theregister.co.uk
Original article was published February 3rd, 2010.
Page 6 Page 7 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet Manchester Police Computer Systems Shut Down by... Conficker Submitted by Anonymous on 02/04/2010
In an epic security fail, the Manchester Police’s criminal lookup system was dis- abled when it was discovered it had been infected with conficker. Their computer network had to be isolated from other police departments to stop its spread. Apparently somebody doesn’t run basic anti-virus... or hasn’t updated it in a few years.
One has to wonder what lax security like this means. Some script kiddie with a exe patcher could probably do a big rm -f * on everything. Even if you clear your private data, how trackable is your browser? Submitted by david on /01/29/2010 Even if you disable cookies and clear the views, may be completely unique. private data on your browser, you still might be just as trackable. Why? Browsers give The Electronic Frontier Foundation has lots of information to the sites you visit released a tool called Panopticclick which including the browser version (called the compares your browser’s fingerprint to thou- user agent), what type of information it can sands of others and tells you how “unique” view (flash, videos, audio, etc.), the ability yours is in addition to what makes it unique. to store flash cookies, your screen/window It is worth mentioning that TorButton, which size, your color depth, and much much is commonly bundled with the Tor software more. In fact, by changing only one aspect has protected against this type of tracking of your browser’s information to protect for years. There’s a post at their blog for your privacy such as a user agent, you might those looking for more on these attacks. be making your browser easier to track. In some cases, your browser’s “fingerprint”, [http://blog.torproject.org/blog/effs-panopti- which is all the data it gives every website it click-and-torbutton]
See You in the Bay! Submitted by Hackbloc.org on 02/12/2010 A grip of us from Hackbloc will be in the San Francisco Bay Area enjoying 8 days of an- archy, the BASTARD conference, and the sf anarchist bookfair. We are helping organize a workshop Friday March 12th from 6pm - 9pm called Digital Security and Tactics For (and By) Anti Authoritarians at Noisebridge, the local hacker space. Hope to see you there, it’ll be a blast! Page 8 Page 9 The Hacktivist’s Guide To The Internet
Think...I was born as a thinker. I’ve spent much of my life thinking about things. Thinking about myself, thinking about others, even thinking about thinking. This is not to say I always think the right things, or that what I think about is always of any use to anyone. My brain isn’t the best brain, and I don’t have a great deal of conventional education.
Nonetheless, I sit and I think. Since an early age, my thoughts led me to believe that there was something funny about the world in which I was living. I started out as a child, interacting with my family, learning from their behavior, thinking about the things they do, the things they say. Garnering from it my basic beliefs about love, kinship, respect, and the value of life.
As my world grew beyond the borders of my immediate family, I began to learn about selfishness, greed, hate. I recognized these things as alien to what I believed “humanity” represented. I had theorized that the only reason human beings had grown beyond the animal world was because of our capacity for great things - Community, peace, love, tolerance. I still firmly believe that these are the foundations for a solid community, and a happy, prosperous life within that group.
When you are born, you are helpless. Unable to perceive the world around you, unable to rectify the situation you’re in. You have fear, but it is mitigated by the fact that you have a loving family to nurture and protect you. Fear and Love. These are the basic emotions we are born with. To simplify it further, even though you don’t understand the feelings you have, the only thing you have the capacity to be afraid of is NOT being loved. You do not KNOW this, but your biology has hard- wired you this way. Had you not been loved and cared for, you would have died. When you cry, you are calling out to the ones who love you. What I’m saying is that we are designed to love each other. Without this basic, primal desire for love, we would not have humanity. We would not have a culture at all.
From love comes empathy - The ability to see and feel the emotions of other human beings around you. From empathy sprouts understanding and tolerance. From these, a community can foster peace and tranquility. This, in my humble opin- ion, is how humanity has achieved great things. How we, as a whole, have risen up to be the stewards of our world. Not mere beasts roaming the plains, but the overseers who work the fields, care for God’s creatures, and nurture all life on this small planet. It is the peace that allowed us to take time to think. With our thoughts, we discover new ways to improve our lives and the lives of those we share our space with.
A child does not know hatred. When you were born, you did not hate. You did not discriminate based on skin colour, class, religion, or culture. You weren’t selfish, as you were not even self-aware. These are unnatural feelings, things you did not consider. That is, until you were taught by someone how to hate. We are born with the capacity for great things, and unfor- tunately that capacity includes the potential for these negative emotions. They are counter-intuitive to the things that make us great. Selfishness breeds ego. Ego gives us the capacity for materialism and hatred. Materialism because our ego desires the false admiration of others. Hatred comes from the fear that someone else has threatened our ego. These are things you did not know as a child.
I’ve spent my life being confused and conflicted. With all these things planted firmly in my mind - Things I believe to be obvious Truths - I watch the world around me in total chaos. Chaos that seems to be accelerating. This is not to say I live as a Saint, but as I said before, I spend a lot of time thinking. Most of these thoughts are dedicated to how I can raise up the ones I love. To making their lives better, thereby improving my own life with theirs. With that statement, I would also like to clarify that I’m not trying to be selfish, but simply that being part of and nurturing a peaceful, loving community will give you a more peaceful and loving life. This is inevitable.
This, unfortunately, also works with the negative, learned emotions and actions. Even more unfortunately, it seems as though there is a trend in our world pushing us towards these negative, unnatural ways. It seems popular to have the nicest car, the most sexual partners, the biggest house. These things do not provide love or peace. The desire to achieve these things displaces the natural, pushes away love and fosters selfishness. For if you are to HAVE, others must NOT. This cre- ates an imbalance, causes others suffering, creates social classes, distrust, hatred.
There is a great inequality that pervades our society. Instead of caring for one another, we are taught one-upmanship and greed. This allows for us to be taken advantage of. As we grow and are taught, indoctrinated to believe in inequality, in distrust, in competition rather than cooperation, we cry out for someone to care for us. We beg, like children, for someone to give us stability. Those who teach us greed and hatred are the ones who come forward, offering us a solution. “Be with us,” they say. “We will take care of you.” In exchange, we give our labor, loyalty, and servitude. Yet, I know I still feel as though I’m not safe. I’m not living a life of peace by being a member of this invented culture of hate.
Now, after several generations, the “protections” provided to us and the exchange of servitude are enacted upon us when we are born, by default. Do we not get a choice? Could we not solve our problems by being loving and peaceful?
I think we can and will. What do you think?
Page 8 Page 9 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet
Page 10 Page 11 The Hacktivist’s Guide To The Internet
Most people who live in communities that are even those that aren’t connected to the internet. targeted for harassment and persecution by the We’re thrown in jail on charges like ‘fraud’, ‘con- powers that be adapt to fight that targeting. Every spiracy’, and other charges - many of which stem group has a different reaction, but the most com- from the idea that thinking about committing a mon and effective one is adopting a culture of crime or talking about its possibility is the same non-cooperation. In hood culture, where people thing as committing it. see their families torn up by unequal crack/ cocaine laws, tainted evidence, racist juries, and So why then, has our reaction as a community targeted police patrols, there’s the ‘stop snitching’ been anything but complete resistance to the movement. Traditionally, the phrase ‘snitches get current system? When the police come knocking, stitches’ describes the situation pretty accurately. most hackers just roll over. Why do we tolerate In activist culture, the policy of non-cooperation cooperating in our communities? Why is it that works similarly where those who assist police are when Jeff Moss [2] works for the Department immediately outed publicly and exiled from the of Homeland Security, we all look at him as community forever. Snitching is the ultimate be- helping out society instead of what the reality of trayal, attempting to trade your friend’s freedom the situation is: he’s working for a section of a for yours. government that is responsible for tearing apart families because somebody along the line broke Hackers are another targeted community. We’ve immigration law, operating a national surveil- even got ideology on our side. Hackers, in gen- lance network that watches hackers, journalists, eral, determine rules by ourselves. We bend them, and activists, and is constantly pushing the idea break them, and when we get caught? We laugh of a surveillance state. He’s fixing their security because it took them so long. We’re against state problems so they can do their work with less in- surveillance, the police state, and government terruptions. Jeff Moss is an ally of those who we control over our lives. We’re against censor- despise and everything we despise; of those who ship, for free speech, and staunch advocates for try and frame people on the basis that they were privacy. The Streisand effect[1] is made possible using encryption and must have been ‘trying to on our connections and piracy is rampant because hide something’. we seed till we bleed. We dumpster dive, snoop on open wireless, and social engineer our way into locked-down corporate offices. We support whistle-blowers, truth in media, and the inherent While I couldn’t see many of the folks who read political statements in the Wikileaks experiment, this zine specifically engaging in these acts, I can Freenet, and the Tor project. We’re educators, see the rest of ‘the community’ doing it and I can happy to share our knowledge with others even see our readers tolerating it. I know Emmanuel when it’s inconvenient to some big corporation or Goldstein [3] would never turn anybody in, even government agency. Even when it could if he had some type of personal vendetta against them. Neither would Julian Assange, [4] The mean our freedom. Mentor [5], Bernie S. [6], Peter Sunde [7], or any of the other hackers I look up to. Whatever we When we get caught, we really get thrown in the think about the acts of another, we can all agree shithole. The FBI and the Secret Service knock that putting them in a cell isn’t going to solve or down our doors and confiscate everything that change much of anything. The antithesis of the uses electricity. We’re denied bail for fear of what hacker is the white-hat, a corporate sell-out who we might do if we get out. We’re so dangerous never breaks the law , wants to make sure the that some of us are banned from using computers, corporations and govern Page 10 Page 11 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet ments stay one step ahead of even your run of the that is targeting us all. If you like what I wrote, mill cypherpunk, and who thinks that the movie here are some potential sites you may enjoy: Hackers was a portrayal of wayward teens who snitchwire.blogspot.com, hackthissite.org, committed irresponsible acts. I know many of hackbloc.org, crimethinc.com/texts/atoz/security. you are reading this, shaking your heads. I know php, crimethinc.com/texts/atoz/fuckpolice.php, some of you are doing this because you’re down crimethinc.com/tools/downloads/pdfs/dont_ - you’re down with most of what I’m saying and talk_to.pdf. https://secure.wikileaks.org, https:// you don’t think hackers are like this. The rest of torproject.org you are probably white hats or maybe you’re a References: real hacker too, but you’ve started to get sucked [1] The Streisand effect is a primarily online phenomenon in which an attempt to censor or remove a piece of information into the mainstream rhetoric that encourages you has the unintended consequence of causing the information to abandon the hacker ethic and your friends. to be publicized widely and to a greater extent than would have occurred if no censorship had been attempted. http:// This world isn’t what it used to be. Everything en.wikipedia.org/wiki/Streisand_effect
is connected to everything and the choke point [2] Jeff Moss, also known as Dark Tangent, is the founder of is the wire. When the wire breaks, when the the Black Hat and DEF CON computer hacker conferences. server goes down, when the digital infrastructure http://en.wikipedia.org/wiki/Jeff_Moss_(hacker)
doesn’t work it takes more than a repairman to fix [3] Emmanuel Goldstein, pen name of Eric Gorden Corley, edi- it. We hold the power to make some real change, tor of the hacker magazine 2600: The Hacker Quarterly. http:// to strike at the heart of a beast. To directly stop en.wikipedia.org/wiki/Eric_Gorden_Corley ‘them’, whoever that might be. [4] Julian Assange is a public spokesman of Wikileaks, an internet based whistle-blowers site, from Australia. While often So here’s my proposal, follow it if you want or being refered to as founder of Wikileaks, he himself denied that. not. Publicly out all those who cooperate with http://en.wikipedia.org/wiki/Julian_Assange
the state or inform on hackers or pirates, support [5] Loyd Blankenship (a.k.a. The Mentor) (born 1965) has those who don’t and ostracize all that do. When been a well-known American computer hacker and writer you out them, do it right -- pictures, phone num- since the 1980s, when he was a member of the hacker groups bers, personal histories, everything. And when Extasyy Elite and Legion of Doom. http://en.wikipedia.org/wiki/ The_Mentor our friends get locked up, like when Bernie did, we need to stand by them in unconditional soli- [6] Bernie S, real name Ed Cummings, is a computer hacker darity -- not because they’re hackers or we agree living in Philadelphia, Pennsylvania. He participates in the WBAI show Off the Hook with Emmanuel Goldstein from 2600 with that they did or are accused of, but because Magazine. http://en.wikipedia.org/wiki/Bernie_S they’re being targeted by the state - an evil beast [7] Peter Sunde Kolmisoppi (alias brokep) is best known for co-founding The Pirate Bay. http://en.wikipedia.org/wiki/Pe- ter_Sunde
Food Not Bombs shares free vegan and vegetarian meals with the hungry in over 1,000 cities around the world every week to protest war, poverty and the destruction of the environment.
With over a billion people going hungry each day how can we spend billions on war?
Page 12 Page 13 The Hacktivist’s Guide To The Internet
Page 12 Page 13 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet
Page 14 Page 15 The Hacktivist’s Guide To The Internet
Page 14 Page 15 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet
Page 16 Page 17 The Hacktivist’s Guide To The Internet
How can we know what is going on and fast mass mobilizations, many still rely on old when we take to the streets? An effective school radio/walkie-talkie communications, communication system is the life-blood of cell phones, or just word of mouth, when any skirmish, uprising or revolution. Timely there are so many tools out there we could information can provide nourishment and be adapting and using to better effect. Today, animation to all other aspects of a resistance when communications are even discussed project. Without the ability to communi- in mass mobilizations, the conversations cate with our comrades we would become revolve around the technical aspects, or isolated and will not be able to effect real the means of communications to be used or substantial change. In this essay we will (should it be radio, walkie-talkie, SMS text, look at the sociological and technological phones, etc.) while the end or principles of underpinnings of various communications communication are most often overlooked systems that have been used when we gather or taken for granted. We believe that a closer to take our resistance to the streets. We look at the principles or goals of communi- will examine the shortcomings of previous cation is the first step to innovation that can models and see how they can be improved keep us ahead of the curve and the forces of upon to create a system that allows us to oppression. employ fully the passion of our dreams and resistance. Ten principles of communications we think are fundamental when developing In the anti-globalization era, the an effective street-based communication radical dissent movement used to be at the network for radicals. These principles could forefront of communication and technology be used to guide us in creating new forms of innovation. Many of us remember the early communication, and new technical tools that days of Indymedia, and the huge impact its can enhance our effectiveness while keeping model had both within our movement, and us safe on and off the street. as an important meme breaking down the barriers and professionalization of informa- 1.Speed of Information is a primary goal tion gathering and broadcasting. Today the of any useful street communication net- type of “journalism” or open participation work. Law enforcement has spent billions in media production that was the foun- of dollars on dispatch systems, radios and dation of Indymedia is ubiquitous in all city-mapping software to maximize its abil- sorts of mainstream sites, blogs, etc. while ity to respond to events in real-time and so Indymedia itself has actually declined as a must we. Anyone who has been to a protest source and locus for sharing ideas and news. knows that seconds matter. Information is The sharing of information in general has only useful if it is timely. We have become sped up tremendously in recent years and accustomed to the power of nearly instan- real-time communication is the name of the taneous information sharing from instant game. It seems that our creativity and knack messenger to texts from cell-phones to for innovation has abandoned us lately, and e-mail. Any communication network needs we still cling to old, tested and failed models to replicate this speed of transmission to be a of both organizing and communicating. In truly effective
Page 16 Page 17 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet tool on the street. Nothing ages as poorly systems needs a way to filter such mes- as information. Our contemporary com- sages. Additionally, the personal safety of munications systems have adhered to this those receiving and sharing information is a principle well. Using hand held walkie- consideration both on the ground and in later talkies, Nextels, and even bull-horns has persecution. In fact, this type of accurate allowed information to be updated quickly information could be used by people fighting providing contemporary information. Any bogus charges by the authorities similar to new system would have to be equally as fast how video has been used in recent cases. in its information distribution and hopefully The information can also provide a more more sophisticated. objective global view for those wishing to analyze the event after the fact and not wish- 2.Truthfulness is another principle that di- ing to rely solely on first person accounts. rectly impacts the effectiveness of the over- Finally, system itself must be secured from all information network. Accurate and un- sabotage by outside forces that may wish to derstandable information is at the foundation disrupt the flow of information or send mis- of effective action and informed autonomous information to users. Verification and other decision-making. Too much information on procedures could seriously limit reactionary the street is not much better than too little. forces from undermining a communications During the last two National Republican system thus limiting there damage by using Conventions we have seen that the amount self-correcting mechanisms. of text messages sent overwhelmed users to the point they often stopped reading them. 4.Cost is a self-evident principle. Most We also have seen how inaccurate informa- radical groups and individuals have limited tion and rumors can poison tactics disarming resources especially when compared to the our resistance and in some cases putting State’s bloated budgets for communications. us in peril. We have all heard about mass We need to find do-it-yourself (DIY) ways arrests only to later find out such reports to level the playing field and allow the best were false, while the rumor has dampen or communication system our limited mon- even ended a vibrant action. It is difficult to etary resources can provide. At first it might judge the veracity of any piece of informa- seem absurdly naive to believe that a DIY tion one hears while on the streets and thus decentralized system could ever out perform we sometimes have to make decisions about the zillion dollar gizmos of the authorities, the truthfulness of anonymous sources of but the world has changed in recent years. perhaps crucial data. Any usable system It is no longer simply a matter of who has needs to find a way to verify information to the best hardware but more who has the best ensure its trustworthiness and that will allow system for delivering and filtering informa- people on the street, over time, to build trust tion. Open source collaborative communities in the message because they messenger. have for decades shown that their shoestring (or no) budget programs are just as good , if 3.Security of information is also an impor- not better, than those developed by big gov- tant factor. While most communications ernments or multi-nationals. So it will not in a mobilization will have to be open, in be easy and will require a lot of sweat but order to allow for senders and receivers it is not out of the realm of possibility. Cost to participate, we obviously do not want considerations are not just for those setting to expose participants to more risk than up the system but for end users. Most likely they already run by simply being on the we will continue to use already ubiquitous street, and expressing dissent. This means technologies out there like radios that certain messages or pieces of informa- tion may be inappropriate to share, and the Page 18 Page 19 The Hacktivist’s Guide To The Internet and cell-phones. (verbal or text) for transmitting information into communication but there may be other 5.Accessibility is a key component to any useful models for doing this. The visual system that hopes to be used by a diverse recognition areas of the human brain are 13 group, common at large demonstrations. times larger than the language centers and Any communications system needs to be are some of the most developed aspects in easy to use and have a very short learning the brain. By using pictures, symbols or curve because unlike in the anti-globaliza- similar visual representations it is possible to tion days, today people spend very little time take large sets of data and turn them into us- in preparatory skill-shares and workshops at able patterns. By moving away from strictly large mobilizations. Now most people tend language based systems a communica- to arrive the day before a protest for better tions system can be used by a more diverse or worse so the system must be learned groups and in different geographic locations. (or preferably be already self-evident) in a very short time or before the protest using 7.Virulence of both the system and the users web-sites, zines, etc. This has more to do is a necessary aspect of a sound communi- with the users end but also could apply to cations network. The effort that goes into the operator/developers end. During the outreach/training is often underestimated. It Republican Convention in New York (2004) is quite time-consuming and difficult to get textmob (a version of sms sharing predat- people to adopt new ways of doing things ing Twitter) was introduced but because it especially if they are complicated or poorly was unfamiliar and required some mastery understood. Viral growth allows peoples’ of simple commands many people who had natural networks to take on the bulk of this applicable cell-phones still did not use it. In work and do it more effectively than any fact less than eighty people used textmob outreach working group could achieve on during the week-long protests that drew tens its own. The system used has to be easily of thousands. Indymedia on the other hand implemented and shared by others. The best was so easy and replicated on many other in- way of achieving this is by allowing a great ternet sites that it was almost instantly used deal of adaptability in the system. Indymedia by thousands in the first week of its launch. started out as a way to report on the Seattle protests but was quickly adapted to other 6.One overlooked component of an effective purposes including event announcements, communications system is how it filters data sharing theoretical writings and even orga- not just for veracity (see point 2) but allow nizing protests. The actual implementation for effective pattern recognition. Textmob of the software was more complicated and and live streaming of police scanners suffer relied on a small group of Johnny Apple- from providing the user so much informa- seeds that went from city to city and country tion that it can quickly become distracting to country to set up Indymedia nodes. By noise. The difference between noise and 2001 the software and hardware had become useful information is usually a problem of stream-lined enough to allow anyone with filtering. A communications network, if it some computer skills and access to moder- is receiving data from a large number of ate priced equipment to set up their own sources must find a reliable way to provide Indymedia site. Most of the communication information in sizes that people can digest. systems used during protests are created on Ideally the patterns revealed would allow a disposable users to have a more global picture of what is going on and be able to make decisions about their actions based on this understand- ing. Traditionally we use linguistic models Page 18 Page 19 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet model, meaning they are used just once. become obsolete by next year or next month This one-time use interferes with the viru- for that matter, a model that is flexible lence of the system because it needs to be enough to grow and evolve as new needs, rebuilt and often relearned with each new ideas, and technologies arise. Another aspect event. Ideally a system would be devel- of sustainability is the need to develop a oped that could be use and expanded upon model that can easily be replicated and by anyone and spread by existing social doesn’t depend on a small group of highly networks. specialized people for its functioning. Food Not Bombs is a good example of a sustain- 8.It should be clear from the previous able model, while a small group of people principles that flexibility is a highly desir- can make an effective FNB anywhere in able characteristic of an effective commu- the world, the actual participants can easily nications system. By flexibility we mean a change while the project continues to exist. system that can easily function at various scales of both geography and size. A com- There are of course other attributes munications system should be able to tell that go into making an affective commu- us what is going on around the corner or nications network but these ten principles across town while at the same time letting us create a foundation for thinking about and connect with thousands or just our affinity developing any such network. We feel group. The network should that an effective and radical work equally well in Bos- communications network for ton, Bogota and Beijing. It mobilizations and protests can should allow the user to cus- provide an important tool in tomize it so they can get and the overall radical project. share the information they want at a particular time and A system that maximizes place. This type of flexibility the ten principles can create a will dramatically improve the new model for our resistance value of a communications on the streets. Our hope is system. that such a communications system would allow a real- 9.As anarchists we seek to create a com- time emergence of collective action, shared munication system that is non-authoritarian. knowledge and intelligence that could That means that the information is con- counteract the State’s ability to contain re- trolled by the users on both ends, and sistance and oppress us. The tired old chant doesn’t rely or allow some self- or other- of “the people united can never be defeated” wise selected “cadre” to use information in might become a reality if tens of thousands order to manipulate or direct participants of people have the ability to draw upon not without their active agreement. A horizon- only the “wisdom of the crowd” but also its tal, non-authoritarian system is also much passion. The courage, skills, intelligence, more powerful and protected from oppres- desire and commitment of the participants sion, arrests, or sabotage. We also believe in our mobilizations is not in doubt; the goal that non-authoritarian systems require more is to create an information-sharing system participation and thus draw on the strength that encourages all of these diverse people of many making it a more powerful tool that to act in concert without relying on some reflects our politics. centralized decision-making body and soul crushing discipline. Flash mobs, internet 10.Seeking to create a sustainable system, organizing, political prisoner support web we are looking to a model that will not pages, etc. Page 20 Page 21 The Hacktivist’s Guide To The Internet have all suggested that technologies can be technologies to promote social justice in the harnessed to multiply our strength. Imagine US and internationally by grass-root/com- if we could create a communications net- munity groups. work that encouraged all the passions on the streets to emerge naturally into a tidal wave As of March 2009 MHCC is still pulling of real and radical change. If we could build its self up from the bootstraps. Some of the a system that unites us while keeping our initial research the collective will be doing individual autonomy of action intact then we is looking into contributing to an extend- would truly be unbeatable. ing the Ushaidi project [1], and repurposing the Tapatio project. To keep up to date with March Hare Communications Collective, progress of the group and it’s projects visit Inc. (MHCC) is a volunteer mutual benefit http://march-hare.org. corporation that is dedicated to promoting emerging communications technology for the use of public organizing of grass-roots groups and non-governmental organizations. The focus of the March Hare Communica- tions Collective, Inc. is to develop new, secure and open software to be used with existing technologies that will aid com- munity and grass-roots coordination, social networking and organization specifically us- ing mobile technologies. In addition March Hare Communications Collective, Inc. seeks to provide educational materials and train- ings on how to use mobile technologies in a safe and effective manner that meets the needs of the user groups. March Hare Com- munications Collective, Inc. seeks to be a repository of both technologies and informa- tion regarding the innovative use of mobile
References: [1] The Ushahidi Engine is a platform that allows anyone to gather distributed data via SMS, email or web and visualize it on a map or timeline. Their goal is to create the simplest way of aggregating information from the public for use in crisis response. This is very simi- lar to the goals of the Tapatio project but managed to get a larger development team off the ground and was able to make due with out using twitter on the backend by leveraging Font Line SMS (http://www.frontlinesms.com/), and hardwired cell phones. http://www.ushahidi. com/
[2] Tapatio is intended to be a communications resource for the radical anti-authoritarian community. They have developed a system that can be used in mass direct action scenarios to gather tactical information, categorize that information based on type and urgency, rate the information for reliability, and then dispatch reliable information to individuals in the streets based on the criteria they request (for example, maybe the user only wants informa- tion about legal updates, or maybe they want to hear about police mobilizations and medical information). http://comms.hackbloc.org Page 20 Page 21 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet
- FCC rules Comcast guilty of throttling P2P traffic in Class Action Lawsuit victory ------December 25th 2009: Comcast has settled to pay up to $16 million dollars to eligible class members not exceeding $16.00 each. You can apply online at or read the text of the agree- ment at http://www.p2pcongestionsettlement.com. Comcast has since filed a legal appeal.
Comcast is using Sandvine, commercially available traffic shaping services - controversial because it designed to violate Net Neutrality principles.
The FCC is demanding that Comcast “ensure compliance with a proscribed plan to bring Comcast’s discriminatory conduct to an end” and within 30 days of release of the Order Comcast must “disclose the details of its discriminatory network management practices to the Commission, submit a compliance plan describing how it intends to stop these discrimi- natory management practices by the end of the year, and disclose to customers and the Com- mission the network management practices that will replace current practices”
An open source project called Glasnost was put together to gather data on various ISPs to demonstrate BitTorrent traffic shaping patterns and have published their results at http:// broadband.mpi-sws.org/transparency/results/. Amongst their findings was that Comcast (also Cox and StarHub) was blocking bit torrent upstream traffic.
- Comcast, General Electric and NBC ------December 3rd, 2009: Comcast has purchased a controlling majority of NBC Universal (NBCU) further positioning itself as a media monopoly. Comcast will take a controlling 51% stake in the joint venture, and GE will control 49%.
According to the Wall Street Journal, the $30 billion merger “represents the first significant merger review for the Obama administration, and regulators are expected to undertake an exhaustive review.” As of January 6th the Department of Justice antitrust division and the Federal Communications Commission are currently reviewing the merger.
Digital rights and free speech advocates who claim that the merger would consolidate too much media power into the hands of the nation’s biggest cable company and ISP.
“How the FCC might stop the Comcast-NBC merger” http://arstechnica.com/tech-policy/news/2009/12/how-the-fcc-might-stop-the-comcastnbc- merger.ars
“Justice Dept. will join FCC in review of Comcast-NBC Universal deal” http://latimesblogs.latimes.com/entertainmentnewsbuzz/2010/01/dept-of-justice-will-probe- comcastnbc-universal-deal.html Page 22 Page 23 The Hacktivist’s Guide To The Internet
If you work at Comcast consider joining or starting a Union: http://www.comcastworkers. com http://www.comcastworkersunited.com http://comcastworkersfightback.blogspot.com
- Ryan Harris busted by FBI for selling hacked cable modems ------Ryan Harris(“DerEngel”) was indicted by the grand jury on August 16th 2009 for conspir- acy, wire fraud and computer fraud but was not arrested until late October. Harris founded TCNISO which according to the indictment “develop, distribute and sell cable modem hacking software and hardware products.” In November 2008, FBI agents purchased via TCNISO’s website pre-hacked cable modems and the book “Hacking the Cable Modem” written by Harris.
The indictment also involved three additional unindicted co-conspirators: a software de- veloper for TCNISO who lived in Kentucky, the vice president of TCNISO who lived in California, and “DShocker” who lived in Massachusetts(According to Wired, DShocker was previously busted for DDos and Swatting attacks and received an 11 month sentence).
The dangerous precedent being set with this case is that the FBI is not alleging that Harris personally used hacked cable modem to illegally steal internet access, but that TCNISO sold technology that possibly could be used by others to do so.
“Feds Charge Cable Modem Modder With ˜Aiding Computer Intrusion” http://www.wired.com/threatlevel/2009/11/derengel/
Ryan Harris indictment http://www.scribd.com/doc/22076368/Ryan-Harris-DerEngel-Indictment
Thomas Swingler was busted for nearly the same thing in January 2009 for running the website cablehack.net (http://www.wired.com/images_blogs/threatlevel/files/swingler_com- plaint.pdf).
- Three Charged for Hacking Comcast.net DNS Account ------November 19, 2009: Three were charged in federal court for the May 28th, 2008 hijacking of Comcast.net’s DNS account at NetworkSolutions.com, temporarily sending Comcast visitors to their own page which read “KRYOGENIKS Defiant and EBB RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven.”
Christopher Allen Lewis (EBK), James Robert Black, Jr. (Defiant), and Michael Paul Nebel (Slacker) are being charged with conspiracy to commit computer fraud Title 18 Section 1030. The indictment explains that they had gained access to Comcast’s account through a series of phone calls and social engineering. Comcast claims that the website was down for more than five hours allegedly costing the company over $128,000 in damages
Some reports have speculated that the hackers were retaliating for Comcast’s recent sabotage of BitTorrent traffic; Defiant and EBK say that’s false: they just hate Com Page 22 Page 23 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet cast in general. “I’m sure they hate us too,” says Defiant. “Comcast is just a huge corpora- tion, and we wanted to take them out, and we did,” he says.
“I was trying to say we shouldn’t do this the whole damn time,” said Defiant last year. “But once we were in,” added EBK, “it was, like, fuck it.”
“Feds Charge 3 With Comcast.net Hijacking” http://www.wired.com/threatlevel/2009/11/comcast-hack/
The past few months have manifested a jump on em. number of internet attacks on white suprem- acist organizations ranging from destroying (Example: A quick look at the database websites to releasing internal communi- dump for volksfrontinternational.com re- cations. Let’s analyze what happened to veals that Andrew Yeoman of the Bay Area further discuss what tactics are appropriate National “Anarchists” attended the Althing and effective in our movements. white power gathering in Missouri - and that his phone number is 415.309.7863. Give The most recent incident in December in- him a ring!) volved the release of mysql database dumps for ten neo-nazi websites and forums includ- Our only criticism is that the scope of these ing private messages, emails, password recent attacks seems rather narrow in only hashes, everything. For anti-racist activ- attacking white supremacists when there ists and researchers, there is a bottomless are other perfectly suitable targets such as goldmine of information available in these anti-immigrant vigilante groups like the databases. Minutemen(see swarm.mahost.org), Third Position nationalists, or groups like the Tea You may find information such as pictures, Party. phone numbers and home addresses for af- filiated white supremacists in your area who Furthermore there are other tools that can would probably very upset if you make and be utilized and some of the best are not distribute posters in their neighborhood. You surprisingly developed by the government. may also find that some are involved with From the 60s to today, counter-intelligence more mainstream conservative organiza- programs attempt to identify and exploit tions such as the Republican Party or the Tea weaknesses and divisions in progressive Party Patriots who would also be very upset movements by infiltrating organizations and/ having their Nazi affiliations exposed. You or making false accusations about movement may also find out when and where white leaders. We could be using similar tactics power groups are organizing meetings, and to dismantle white supremacist movements pass that along to anti-racist groups who by creating fake profiles on nazi forums to could shut the event down and/or get the gather information or set up nazis to fight Page 24 Page 25 The Hacktivist’s Guide To The Internet against each other. communication systems we hope to make it more difficult to spread their hate, recruit new members, or organize on the internet at Free Speech for Who? all.
While these attacks are very disruptive and Direct Action Hacktivism embarassing to fascists, some white hat “hackers”, right wingers and even some rich Bashing the Fash on the internet is one cam- liberal types are often quick to criticize such paign that we can draw some lessons from actions in that they violate “free speech”. and apply it to other struggles. Let’s suppose (Nevermind the fact that everywhere the the goal of direct action hacktivism is to Nazis go the police are there to protect them cause the target organization enough stress while cracking down on the leftists). The and damage that they can no longer perform oppressors already have their stage; the their services, individual members will quit mainstream media bombards us with racism and/or turn against each other, and even col- and sexism every day, creating space for lapse entirely. What kinds of tactics are most more blatent neo-nazi groups who if they effective, and why? Here are some points to are not exposed and confronted with militant measure how effective an action is: action they will continue to grow and thrive. The tactics used by Anti-Racist Action have * Creating a financial burden for the target proven to be effective in driving out white - making it costly in terms of money and supremacist and other racist organizations labor to return services to normal (such as and individuals. The ARA Network has this having to buy a new server, or having to put to say about free speech: hundreds of hours in to rebuild)
“We think that hate speech, turning people * Causing loss of irreplacable data - the into scapegoats and targets for hateful ac- trashing of site content, databases, and back- tion, is an abuse of free speech and that up files making it difficult if not impossible people’s lives are more important than the to ever restore services (such as deleting site right of someone to publicly encourage oth- content, customer records, research files, ers to target certain groups for a campaign backups, etc) of murder, rape, assault, genocide, ethnic cleansing and terror. A cross burning, for ex- * Bringing attention to the atrocities and ample, is not free speech or the free exercise injustices committed by the target - articu- of religion -- it is an act of racist terror and lating your message clearly so as not to be intimidation.” dismissed as petty vandals or criminals, and (http://www.antiracistaction.org) ensuring that those reading about the action understand it and dig it The purpose of these actions is not to defend the free speech rights of racist scum - it is * Exposing harmful or embarassing infor- to disrupt and dismantle white supremacist mation - uncovering internal documents that organizations. The idea of direct action if released would turn the general public itself is not about appealing to politicians or against the target and possibly be incriminat- police to solve our problems or to attempt ing (such as posting personal email cor- to win any sort of ideological battle - it’s respondence, internal policies or research, about taking matters into our own hands personal information such as phone # and and wrecking what wrecks us. By breaking addresses on individual members) into their computer systems, exposing their correspondence, and shutting down their Following these points should help Page 24 Page 25 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet ensure an action is significantly damaging backlash against your choice of tactics be- to an organization and will hopefully cause cause it “makes you look as bad as them”. it to collapse entirely. But it can all be for nothing if: * The action is not in synchronicity with already existing campaigns and movements * The cost/benefit ratio isn’t worth it - that with well defined goals and demands. Hack- it might bring legal heat down on you or tivism is not ever a substitute for on-the- other allied organizations, or (warning, some ground community activism. liberal bullshit right here) there is public
Recent Timeline of Internet Actions Targetting Fascist Organizations
Late 2008 Anti-fascist hackers calling themselves “Daten-Antifa” (data-antifa) broke into the nazi forum Blood & Honour and released complete database dumps of tens of thousands of members including names, emails, passwords, private messages and other internal information. The information was uploaded to a variety of torrent websites and was described by the hackers as a “laboriously prepared cloak-and-dagger operation”. http://de.indymedia.org/2008/08/225641.shtml
August 2009 Private emails belonging to a chapter of the National Socialist Movement(NSM) were released to WikiLeaks. The contents of these emails include personal correspondence, information on other accounts the user had access to, and the contents of the NSM’s internal discussion email list. http://wikileaks.org/wiki/US_National_Socialist_Movement_private_emails_,until_15_Aug_2009
November 2009 The websites of holocaust denier and Nazi sympathizer David Irving were defaced by “Anti-Fascist Hackers” who released private email correspondence, secret locations of his speaking tour, and detailed information on people attending his events which included members from various white supremacist organizations. This information was also posted to WikiLeaks. http://www.wired.com/threatlevel/2009/11/david-irving/
December 2009 In possibly the best score yet, mysql database dumps of ten white supremacist and neo-nazi websites were released to WikiLeaks. The information is 54MB compressed and contains usernames, email addresses, password hashes, and private messages belonging to the following websites: volksfrontinternational.com(Volksfront International), hammerskins.net(Hammerskins Nation), aryanfront.com(Aryan Front), newp.org(North East White Pride), whit- erevolution.com(White Revolution), finalstandrecords.com(Final Stand Records), enationalism.com(eNationalist), ecwu.org(East Coast White Unity), bloodandhonour.com(Blood & Honour, updated version!), and creativitymove- ment.net(Creativity Movement, formerly World Church of the Creator).
The filename is ten-neo-nazi-sites-plus-2009.tgz and is available on various torrent websites. Much work is needed by hackers to parse this information, crack giant password hash lists, and publish the information in human read- able formats! Page 26 Page 27 The Hacktivist’s Guide To The Internet
Nathan: Orbot, the Tor port for Android, is where While trying to answer the question, “What is the the initial bulk of our labor has been placed. future of the Tapatio Project?”, I ended up getting Through this work, we’ve not only gotten Tor in touch with a number of different people who working, but have solved the basic problems of have worked on anti-authoritarian communica- controlling the flow of all packets in and out of an tions teams as well as a few who are actively Android device. Our goal with Orbot is that you developing the next generation comms tools. can use it to blacklist or whitelist all network- Nathan Frietas is working on the the Guardian enabled application, as well as select which ones project, an attempt to bring useful tools for you wish to route via Tor. In addition, Orbot can political activists to mobile devices. The target route all DNS queries through Tor, so that there platform is android and while there are a number is no leakage into the mobile network, at all, and of ambitios goals, progress is being made and you can be assured there is no targeted MITM more and more people from the community are attacks happening within the carrier network. taking note and getting involved. The general With Orbot fully enabled on your device, every idea of the project is to create a suite of tools, networked application is anonymized. each providing a discreet feature that collectivly meet the Beyond that, there a number of third-party requirements of a communications team with open-source applications we have begun testing scouts, medics and their dispatchers, report- for inclusion on our distribution. One of this is ers and their publishers, all of whom may be SIPDroid, which is a SIP/VOIP client which deployed to a hostile environment. can connect with an Asterisk server to provide IP-based voice communication over 3G or Wifi. The public description of the Guardian Project We have tested SIPDroid over a VPN connec- along with a plug for the android platform on the tion (PPTP or OpenVPN) and it works very well. project site With this configuration, if you have multiple us- (http://openideals.com/guardian/) is: ers with Android phones and SIPDroid, you can have a secure voice communications network. While mobile phones have been heralded as This is the type of “telecommuter” configuration a powerful new tool for political activists, human that corporations with Cisco-powered infrastruc- rights advocates and public health initiatives tures have been running for ten years - we’ve just around the globe, they are a step backwards figured out how to do it with open-source and on when it comes to personal liberty, anonymity and Android phones. safety. Google Android’s open-source mobile te- lephony platform provides a foundation on which Finally, Beem Project (XMPP chat with SSL), a new type of phone that cloaks its user and their RemoteWipe (SMS-based remote device eraser), data, both on the device itself and as it communi- DroidTracker (SMS-based authorized GPS track- cates around the world. er) and DroidWall (iptables-based firewall) are some of the other applications we are working to Nathan was kind enough to meet up with me and optimize and integrate. Some version of this code give me the low down on getting is available either through the Android Market, or involved with the project and agreed to talk a bit via their project pages and code repositories. about the Guardian project as part of an interview with HTZ. evoltech: Which of the Guardian tools is seeing active development right now? evoltech: What tools / components of the Guard- ian project are currently ready for use? Nathan: The big focus now is porting
Page 26 Page 27 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet GPG. K9Mail is the best open-source IMAP/ it. Right now to use some of the guardian project POP client on Android, we’d love to provide tools you have to have a hacked android phone integration with it to support all the features you which is probably out of reach for most activists. need to sign and encrypt mail, as well as basic Can you speculate as to when the use of mobile key management. The apps would end up look- applications like this will become accessible to ing very much like what you have on a desktop activists? Do you think it is important for it to - Keychain Manager, GPGDropThing, and so be accessible, or do you think that work should on. We are using the same approach we did with be focused on building tools that can installed, Tor - native cross-compile of the GPG codebase, contributed to, and managed by a tech-capable wrapped in Android Java code to provide the glue crowd? and user interface. Nathan: When Orbot is available in the market There are a few other side efforts going on (next week?!), you will see that it is very, very around encrypted SMS and ZFone (Phil Zimmer- easy to use. Literally one-tap was our goal. We man’s end-to-end voice encryption), and I am then want a number of applications (browsers, trying to get those efforts linked in a bit better IM chat, photo upload, etc) to be marked as into Guardian. “Tor-enabled” or “Tor-certified” so that users can just install those and be on their way. The We are also trying to get our first complete goal of Guardian is not so much new concepts Android firmware MOD built, so that you can or functionality, but trying to secure all of the simply flash a rooted device, and have a complete existing activities that users do naturally on their secured distro. We are building our working up mobile devices. on the CyanogenMOD project, which has shown great success in providing an alternate firmware Ultimately, since the work on Guardian is open- with enough ease-of-use that even mainstream source, I would hope that for specific events, users are switching to it. mobilizations, campaigns or days of actions, a group could come together and build a custom evoltech: Can you describe were you see this app just for that effort. It might tie together dif- project a year down the road? ferent pieces of Guardian, while providing a very, simple set of functionality... a one-click picture Nathan: We have some pretty tangible goals: + upload + GPS that is all done over a secure, anonymous channel, for instance. - Availability of the core applications (Tor, GPG, in the Android Market and via direct download of I can also see specialized configurations of hard- the APK files in multiple languages/locales ware and software deployed by the more serious - Availability of MOD firmware distribution with teams. For instance, having Guardian phones pre- bundled apps with support for major devices on configured with voice networks, safe GPS track- the market ing, remote wipe, etc. in the hands of a comms - A small but vibrant developer community with or media teams would allow them to do their job the ability to respond to bugs and feature requests without compromising those around them. as they arise - Direct sale (at cost) and conversion service of evoltech: Can you describe some of the Guardian Guardian-enabled Android hardware project tools that you imagine to be well suited - An grant/donation-funded program “One for a comms team? How do you imagine these Mobile Per Activist” to get devices into the hands tools being used in a of the groups that need them the most comms deployment?
evoltech: The communication team deploying One feature that is a bit controversial is GPS tapatio 3 years ago at the RNC in tracking. It is funny that this is one of the biggest Minneapolis had a difficult time teaching people paranoias of activists - that your position is being how to use twitter from their tracked, or that your phone could be controlled or phones. It was totally foreign to people. Less activated remotely. However, this same capability then a year later the service had become so ubiq- could be very useful for a comms team. I have uitous that every one already knew how to use
Page 28 Page 29 The Hacktivist’s Guide To The Internet
been in many days of action where you spend with them. The problem is that with Windows half of your energy talking on radios trying to Mobile, you really don’t get to see inside of the figure out exactly where everyone is located. The OS, to truely understand what is happening be- vision then, would be to allow an authorized, en- neath the application layer. Android, Maemo and crypted stream of your GPS to be sent our to just now Symbian OS, all give you that insight and your team, while also giving you precise control ability to patch at a very low-level. to turn that on or off. I could also imagine this all flowing into a private Laconi.ca/Status.net server In the end, we have to balance the practical value and having the GPS data map onto OpenStreet- of Guardian-style features being available on ev- Maps... a complete, private, secure open-source ery phone on the market, with our commitment to social/location awareness stack. supporting true open-source platforms and tools.
In addition, the ability to erase a phone’s call or evoltech Do you have any announcements or messaging history remotely if you know a team other things you want to say about the member has been detained is also critical. I have Guardian project in HTZ? heard a number of stories about activists being popped, then having their call log used to track Nathan: First, I really appreciate your coverage down everyone they’d been in touch with. I also of our work, and want to openly solicit feedback have direct experience with this happening with and criticism for your readers. We are of the a group of media activists in China, where their transparency school when it comes to building texts and twitter messages to each other were great security software, fully realizing that while used as evidence to hold them for a week. we are clear in our passion and ability, we would never claim to know everything or consider every The work on SIPDroid that I mentioned earlier possible vector of attack. would also provide a better way to call people (via names or x1234 style extension) as opposed With that in mind, we are launching our new to exposing their actual mobile phone number. website (http://guardianproject.info) shortly, and that will include all the information you’ll need to evoltech: On openideals.com/guardian/ you talk get in touch with us. We’re building a knowledge about being able to use this suite of tools on the base on general mobile security, and will be windows mobile platform, is this currently pos- creating some webcasts, as well, documenting sible? our work, and featuring some of the applications I mentioned earlier. Natahan: Not yet, but our work on porting Tor has already inspired similar efforts on the Nokia You can also join our mailing list there to keep N900 and other Linux-based mobile platforms. abreast of developments. Our site and lists are Windows Mobile (and not Windows Phone 7) is hosted and managed on Mayfirst.org, a progres- such a completely different environment, that it sive, technology cooperative located in Brooklyn, will take a different set of skills that we currently NY. You can be assured that we will keep your have on board. The Crytophone product out of information private. Germany is based on Windows Mobile 5/6 and we have begun discussing more collaboration Page 28 Page 29 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet
Warning: contains spoilers call for reform, urging concerned citizens to dissent at the polls. The thesis of Little Brother is the feasibility of asymmetric digital resistance, a sort of The insurgency of Little Brother uses “open-source insurgency”. The novel por- anonymity networks based on wireless trays technology as a neutral medium, uti- mesh networks to organize a decentralized lized by both the state and insurgents. While fight against the state. Inexplicably, the Little Brother is a story of a fight against novel includes few references to existing the state, and is sympathetic to anarchism, privacy-enhancing technologies - instead it fails to reject the state and capitalism and of using Pidgin[1] and OTR[2] for en- ends on an explicitly statist note. crypted, authenticated instant-messaging, Doctorow invents “IMParanoid”; instead of The novel opens with a “terrorist” attack on using Freenet or GNUnet for anonymous, the Bay Bridge. In the immediate aftermath, censorship-proof filesharing, the rebels use the protagonist and his friends are arrested Xnet, a mesh-network powered by Microsoft by agents of the Department of Homeland XBoxes running a variant of GNU/Linux[3]. Security, black-bagged, and shipped off to The novel does use OpenPGP as a central the novel’s Guantanamo stand-in, an island device, explains it comprehensively and in facility off the coast of San Francisco. The great detail, and spends the bulk of a chapter protagonist initially refuses to cooperate describing a key-generating and key-signing with interrogators, and they single him out party. However, Doctorow abuses the no- for rough treatment, eventually breaking tion of a web of trust, transforming it from him and extracting passwords for his Pirate a device used to verify the authenticity Party-provided email account and encrypted of a public-key into an expression of one mobile storage. After he is released, the person’s trust in another. Since the novel is protagonist organizes a resistance move- released under a Creative Commons license, ment based around the fictional anonymity these mistakes could be fixed, but since the network Xnet, and a psuedonym he builds license Doctorow chose prohibits commer- up, ‘M1k3y’. The insurgency is essentially cial distribution, it’s unlikely such a remix online fight club - M1k3y posts blog entries would ever exist in a printed form. detailing how to fight some surveillance technology, and his followers engage in The structure of the insurgency is depress- actions based on the targets he singles out. ingly centralized. While actions are carried Eventually this becomes a mass youth out by affinity groups with no formalized movement. Around this time, the protagonist connections to any other groups, they take decides to break his own anonymity and tell instruction from M1k3y. There seems to be his story to a mainstream media reporter, no hub of revolution more important than abortively goes into hiding, begins order- M1k3y’s blog, and ideas for new actions, ing his insurgents to stand down, and gets news events, and everything else, is emailed captured by the DHS again. As he is being to M1k3y and maybe blogged later. This is tortured, the cavalry arrives and rescues him, an artifact of the speculative fiction - if there and the novel abruptly winds down with a Page 30 Page 31 The Hacktivist’s Guide To The Internet was no Supreme Leader, readers couldn’t of negative light, although it does favorably fantasize about being it. mention anarchists, and to lesser extent, anarchism. Little Brother goes disappointingly half- way in its look at existing power structures. While possessed of an enjoyable story and While it decries the surveillance state, it is some valuable technical information, as not against states, and while it points out well as an interesting model for computer oppressive systems of race, gender, and age, network-centric insurgency, Little Brother it seems to mention these things only as an fails to stick to reality where it matters, and afterthought. The potent message of youth fails to question the elephants in the room. power expressed by the insurgency is under- mined by the Deus Ex Machina intervention from adults at the close of the novel - indi- [1] http://pidgin.im/ cating that revolution is a fun game, but just [2] http://cypherpunks.ca/otr a game, and one that needs cleaning up. The [3] http://trygnulinux.com/ novel fails to mention capitalism in any sort
“Badger hates Society, and invitations, and Specific language) for generating SQL in dinner, and all that sort of thing.” Ronin::Code::SQL [1]. - Kenneth Grahame, The Wind in the Wil- lows, Ch. 3 The website ronin.rubyforge.org is getting re-written to make use of Jekyll [2], “a Last issue we gave a general review of ruby, simple, blog aware, static site generator” as Ronin, Ronin overlays, and opposed to the custom xml based site. released a WordPress password brute forcing This is being done because the tool is getting tool. Since then, Ronin a lot of use by other has started to under go some changes, and developers, it is being actively supported, it the word press brute force tool has supports been revised. In this article we will go over blog post generation, and handles mark- some of the changes happening down syntax [3] (being used by github.com, with Ronin and the smart brute forcer. we.riseup.net, and nearly every other web application writ- ## Ronin is growing up ten in ruby) to aid user contribution to documentation. It also inte- As the Ronin project is maturing design grates nicely with ruby’s WEBrick [4] for decisions are being made to simplify, live testing. Another standardization project standardize, increase accessibility, and im- outside of Ronin, but also from prove internal integration. postmodern and related to exploit develop- ment, is ruby-yasm [5], a ruby interface Some code is getting completely cut from to the YASM assembler [6]. This will make the code base such as the SQL DSL (Do- it easy to generate shellcode for main multiple different architectures file
Page 30 Page 31 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet formats on the fly while developing pay- become the red team Intranet blog in the loads. next couple of months when it gets integrated with ronin-scanners. Contribu- The obvious downside for strong integration tions to the ronin-int database can with other projects is when project be added by humans (comments on hosts or maintainers become unresponsive. The services, references to relevant propaganda, upside, aside from having someone else or individuals and contact information re- maintain the dependency, is that it strength- lated to the campaign’s targets) or ens other projects through mutual can be programmed (the output of an nmap aid and creates tangible human relationships or wikto scan possibly from multiple within the software development sources to pin point location based filters). community. As anyone who has worked on At a recent talk with postmodern a campaign that has existed for more there was a good deal of discussion about then a short period of time will tell you, how centralizing this type of sustainability depends on a shared data is a liability as a single point of failure feeling of community and belonging. if the central source is deleted, lost, or stolen. To Integration is not just happening with exter- address this issue ronin-int nal libraries but with internal could make use AMQP [10] (a messaging ones as well. There are a few places in the protocol like XMPP (think Jabber / Ronin code base where there Google Talk) with PubSub built in allowing is duplicated effort. The prime example here notification of events is the ronin-php library which (intelligence in this case) to all subscribed provides access to rfi and lfi vulnerability parties) [11]. testing which really belongs in ronin-exploits. There is also planned inte- The Ronin exploit library, ronin-exploits, gration of ronin-scanners, the library has also been around for a while now but for integrating with external tools like nmap will have had [7], nikto [8], into a major overhaul by the time this goes to ronin-int [9], the Ronin intelligence tool. print.
The Ronin intelligence gathering library is Another postmodern creation, code name an exciting addition from the badger, roninRat, and libBERT, will provide perspective of software based campaigns. a rpc interface to computers it runs on. This Security being the ever morphing project will allow a standardized way to nightmare that it is can leave computers connect and add commands vulnerable to attacks one day and to Ronin instances running on a server. secure the next. A campaign, especially Badger is installed (dropped) on a server, when being contributed to by multiple will use ffi for arbitrary system library / file developers, will need a way to collect and inclusion, can connect back, or listen locally. share information and notes on all relevant This component will handle assets of the campaign’s targets. Metasploit running commands, and accessing the local uses sqllite (not easily FS (essentially remote shell) using shareable) and can possibly make use of BERT as the serialization mechanism. other DBMSs but would require a bit of custom hacking, and CANVAS is totally ## Misc update and fails inaccessible do to licensing price and There was a bit of work done to show off it being closed source. Ronin-int has been some of the exploit generation around for a while, but will really Page 32 Page 33 The Hacktivist’s Guide To The Internet functionality of Ronin, but it did not get finished in time for this issue smartBruteForceWP.rb -v -s so your just going to have to wait till the 204.12.0.50 -hh test.com -px localhost:8118 next issue. There was however a feature added to spidr, a ruby web spidring library, that now allows for spidering of sites being served as vhosts but without public DNS records. If you remember from last issues article we wrote a “smart” word press password brute forcing tool leveraging Ronin and a library call wordlist. Wordlist uses spidr on the backend. Another side effect of this is that we can spidr a server using the IP address and domain name without leaking dns requests through the spidr library. Run this all through privoxy and tor and you have a properly anonymous password auditing tool [12]:
References: [1] Ronin SQL API reference - http://ronin.rubyforge.org/docs/ronin-sql/
[2] Jekyll is a simple, blog aware, static site generator - http://jekyllrb.com/
[3] Markdown syntax is a meta language for a meta language (HTML), but it is a bit simpler then HTML - http://daringfireball.net/projects/markdown/syntax
[4] Gnome’s Guide to WEBrick. The best WEBrick documentation in existence, albiet with a few to many “So,
[5] A Ruby interface to YASM - http://ruby-yasm.rubyforge.org/
[6] YASM - http://www.tortall.net/projects/yasm/
[7] NMAP is a feature rich port scanner - http://nmap.org/
[8] Nikto is a web server vulnerability scanner - http://cirt.net/nikto2
[9] ronin-int - http://github.com/postmodern/ronin-int
[10] AMQP is an open Internet Protocol for Business Messaging http://www.amqp.org
[11] If you have ever had to program lisp and that last sentence just gave you flashbacks, Im sorry.
[12] smartBruteForceWP.rb - https://hackbloc.org/svn/htz/8/smartBruteForceWP.rb Page 32 Page 33 HTZ Issue 9, Winter 2010 The Hacktivist’s Guide To The Internet Upcoming Cons and Events
* The Next HOPE (16 July 2010, 18 July 2010) *
HOPE (Hackers On Planet Earth) is a conference series sponsored by the hacker magazine 2600: The Hacker Quarterly. There have been seven conferences to date: HOPE, Beyond HOPE, H2K, H2K2, The Fifth HOPE, HOPE Number Six, and The Last HOPE.
The Next HOPE is scheduled for July 16-18, 2010 at the Hotel Pennsylvania in New York City.
* DefCon 18 (29 July 2010, 1 August 2010) *
DEF CON is generally in the last week of July or first week of August in Las Vegas. DEF CON 17 will be held July 31 - August 2 at the Riviera Hotel & Casino in Las Vegas. Many people arrive a day early, and many stay a day later.
* Burning Man 2010 (30 August 2010, 6 September 2010) *
Once a year, tens of thousands of participants gather in Nevada’s Black Rock Desert to create Black Rock City, dedicated to community, art, self-expression, and self-reliance. They depart one week later, having left no trace whatsoever. Learn more about this incredible experience through our First Timers’ Guide, our mission statement and Ten Principles.
Tumult and change, churning cycles of invention and destruction - these forces gen- erate the pulse of urban life. Great cities are organic, spontaneous, heterogeneous, and untidy hubs of social interaction. In 2010, we will inspect the daily course of city life and the future prospect of civilization.
Page 34 Page 35 The Hacktivist’s Guide To The Internet The Back Page...
If we didn’t get a chance to use your submission now, we will get it into the next issue. We are always looking for more content, and we thank everyone for helping with the zine, not just by submitting content, but by also giving of your time, we can use all the help that we can get! We couldn’t do it without you!
Have you ever had a dream, that you were so sure was real? What if you were unable to wake from that dream? How would you know the difference between the dream world and the real world?
Hackbloc Staff: Zine Staff: alxCIAda alxCIAda Doll Evoltech Evoltech Flatline Flatline Frenzy Frenzy Hexbomber Hexbomber Kuroishi Impact Ringo Kuroishi Sally Ringo whooka Sally whooka
Questions? Comments? Article Submissions? Get a hold of us at: e-mail: staff [at] hackbloc [dot] org our website: hackbloc.org/contact
--> GET COPIES OF THE ZINE! <--
Electronic copies of the zine are available for free online at the hackbloc website: www.hackbloc.org/zine/
There are two versions of the zine: a full color graphical PDF version which is best for print- ing and also includes all sorts of extras, as well as a raw TXT version for a more readable and compatible format. Having the zine in your hands is still the best way to experience our zine. If you can’t print your own(double sided 8.5x11) then you can order copies of this is- sue and all back issues online from Microcosm Publishing (microcosmpublishing.com) who are based out of Portland. If you live in The San Francisico Bay area, you can find us at the SF Anarchist Bookfair, March 13-14 2010. More info will be found on our site closer to the time of the event!
We are seeking translators to translate Hack This Zine into other languages, if you are inter- ested send an email to staff [at] hackbloc [dot] org.
Page 34 Page 35 HTZ Issue 9, Winter 2010
Page 36